Redmond Magazine

Microsoft Commercially Releases Azure Active Directory Certificate-Based Authentication for Mobile Devices

Microsoft this week announced that its Azure Active Directory Certificate-Based Authentication (CBA) scheme for "phishing-resistant" authentications is now commercially released and ready for use with ...
Redmond Magazine

Microsoft Releases Windows LAPS Public Preview Using Azure Active Directory Capabilities

Microsoft on Friday announced a public preview of Windows Local Administrator Password Solution (LAPS) for Microsoft Entra Azure Active Directory. The preview of Windows LAPS for Azure AD represents a ...
Dark Reading

Rogue Azure AD Guests Can Steal Data via Power Apps

Guest accounts in Azure AD (AAD) are meant to provide limited access to corporate resources for external third parties — the idea is to enable collaboration without risking too much exposure. But ...
Dark Reading

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
Bleeping Computer

Microsoft fixes Azure AD auth flaw enabling account takeover

Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account. This ...
SiliconANGLE

Azure Active Directory rebrands to Microsoft Entra ID

Microsoft Corp. today announced that its long-lived and much-loved identity and access management service Azure Active Directory is being rebranded, and will henceforth be known as Microsoft Entra ID.
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...